TY - CHAP
T1 - Statistical and Signature Analysis Methods of Intrusion Detection
AU - Radivilova, Tamara
AU - Kirichenko, Lyudmyla
AU - Alghawli, Abed Saif
AU - Ageyev, Dmytro
AU - Mulesa, Oksana
AU - Baranovskyi, Oleksii
AU - Ilkov, Andrii
AU - Kulbachnyi, Vladyslav
AU - Bondarenko, Oleg
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Existing models and methods of intrusion detection are mostly aimed at detecting intensive attacks, do not take into account the security of computer system resources and the properties of information flows. This limits the ability to detect anomalies in computer systems and information flows in a timely manner. The latest monitoring and intrusion detection solutions must take into account self-similar and statistical traffic characteristics, deep packet analysis, and the time it takes to process the information. An analysis of properties traffic and data collected at nodes and in the network was performed. Based on the analysis traffic parameters that will be used as indicators for intrusion detection were selected. A method of intrusion detection based on packet statistical analysis is described and simulated. A comparative analysis of binary classification of fractal time series by machine learning methods is performed. We consider classification by the example of different types of attack detection in traffic implementations. Random forest with regression trees and multilayer perceptron with periodic normalization were chosen as classification methods. The experimental results showed the effectiveness of the proposed methods in detecting attacks and identifying their type. All methods showed high attack detection accuracy values and low false positive values.
AB - Existing models and methods of intrusion detection are mostly aimed at detecting intensive attacks, do not take into account the security of computer system resources and the properties of information flows. This limits the ability to detect anomalies in computer systems and information flows in a timely manner. The latest monitoring and intrusion detection solutions must take into account self-similar and statistical traffic characteristics, deep packet analysis, and the time it takes to process the information. An analysis of properties traffic and data collected at nodes and in the network was performed. Based on the analysis traffic parameters that will be used as indicators for intrusion detection were selected. A method of intrusion detection based on packet statistical analysis is described and simulated. A comparative analysis of binary classification of fractal time series by machine learning methods is performed. We consider classification by the example of different types of attack detection in traffic implementations. Random forest with regression trees and multilayer perceptron with periodic normalization were chosen as classification methods. The experimental results showed the effectiveness of the proposed methods in detecting attacks and identifying their type. All methods showed high attack detection accuracy values and low false positive values.
KW - Attacks
KW - Classification
KW - Intrusion detection
KW - Machine learning
KW - Security
KW - Self-similar traffic
KW - Statistical analysis
UR - http://www.scopus.com/inward/record.url?scp=85127981778&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-95161-0_5
DO - 10.1007/978-3-030-95161-0_5
M3 - Chapter
AN - SCOPUS:85127981778
T3 - Lecture Notes on Data Engineering and Communications Technologies
SP - 115
EP - 131
BT - Lecture Notes on Data Engineering and Communications Technologies
PB - Springer Science and Business Media Deutschland GmbH
ER -